IT concerns are fast moving from mobile device management (MDM) to mobile application management (MAM) as part of a shift in thinking from whether to allow mobile devices in to how to best take advantage of them. At IT conferences, I hear more and more questions about how to manage those applications. For organizations used to controlling the software on a user's PC via tools such as IBM's Tivoli and Microsoft's SMS, the iPhones, iPads, and Androids now becoming commonplace herald a Wild West environment.

The heterogeneity of those devices is daunting enough -- most desktop application management tools can't even do a decent job of handling Mac OS X applications, so no one expects them to go near the mobile devices. But mobile OSes veer even more dramatically from the desktop, making app management less suitable for IT's traditional approach. The use of app stores means IT isn't the central distributor of apps in mobile, while the mix of HTML and native apps raises another level of complexity. Sure, IT can put together its own mobile app "store," but it's often a glorified website or intranet site with links to approved or recommended apps, both internal and external.

Even as IT has given up the notion of ruling over mobile devices and instead has come to view them as a device jointly "owned" with the user, IT rightfully wants to manage the business-oriented apps on those devices. That way, when an employee leaves the company or a device is lost, the application and its data can be removed from the device. IT also rightfully wants to be able to manage updates and licenses, as well as track usage -- especially in the messy context of apps used by employees, contractors, and business partners, in which even a control-oriented organization simply can't seize the traditional control over all the devices.

The first wave: Managing HTML app containers via policiesWhat's evolved in the device management space is a policy-oriented approach. In this scenario, a tool such as BlackBerry Enterprise Server (BES), Microsoft Exchange (via Exchange ActiveSync protocol), or a third-party MDM utility, such as those from Good Technology, MobileIron, and Trellia, manages the data it provisions, including mail, contacts, and so on. It can also impose devicewide access policies, such as password requirements, remote lock, and more. Some of these tools can even manage applications they provision, essentially allowing or disallowing access, as well as pushing updates.

The same is beginning to happen in mobile application management. A few weeks back, I profiled the approach used by Antenna Software, whose MAM essentially puts HTML apps in a virtual box on the iPhone or Android device. IT can then control and monitor the apps in that box. The approach is very similar to how many MDM tools work, providing their own clients, managing the email, and so on, apart from the rest of the device; it's akin to the VDI approach used in Citrix Systems' Receiver app for mobile devices.

That box approach provides a clear separation between work and personal apps and data, but it's a bit heavy-handed, forcing users (in the case of Antenna's Volt) to open a container app to access business-provisioned HTML apps. That's acceptable for HTML apps, as users typically first launch a browser before running a Web app, and you can think of the Volt client as a browser for enterprise apps. Plus, IT directly controls those apps because they run on IT's servers just like a desktop Web app.